Cyber.spirit wrote:so you wanna say most or its better to say all of exploits are in assembly?

Ok if you say i accept because i have no experience with exploitation. But i bought hacking AOE it teachs programming part all C and a little bit of assembly(however idk exactly because i didn't read it i just read the table of content) but if i am right tell me why it doesn't teach asembly instead of c its harder it needs more time.

Thanks for your help

Just go through Hacking: AoE and it will make more sense. That book starts with C because you later break those programs down to assembly in a debugger and learn how to exploit them. It sounds complex when you've never done it before, but it becomes "obvious" once you spend some time with it.

AoE is an introduction to exploitation, but doesn't cover trickier exploits. If you've never written an exploit before, this is a good book to start with. However - you'll find that to exploit certain programs you encounter in the wild, you may need to write bits of assembly to get execution flow to hop around memory and eventually hit your shellcode. To do this, you'll need to know assembly.